Re: Note to LEAF users on ssh logins

Leaf and, in fact, all of my machines which have open ssh ports are
getting
random hack attempts, about 20-30 a day in short bursts, usually
from a
different IP address each day. I talked with a few sysop friends and
their boxes are getting similar traffic. The hack attempts primarily
try to ssh to root, admin, and a bunch of microsoft-soundy names.
It looks
fairly coordinated, like it is trying a couple of passwords a each
day
then trying again with different passwords the next day.

While none of my machines allow passworded logins over ssh
(especially
not for root), and LEAF accounts are all '*'d out (key only logins),
I am rather disquieted by the continuous attempts so I have written
and
intalled a little program to monitor the syslog which will
automatically
block failed password or illegal user login attempts.

It isn't very refined yet so if you find yourself locked out of leaf
send me an email!